diff options
author | W. Trevor King <wking@tremily.us> | 2014-02-13 08:47:20 -0800 |
---|---|---|
committer | David Bremner <david@tethera.net> | 2014-02-14 08:29:33 -0400 |
commit | aaa7f0d92ee9c876c38da43be5c49e8d5c73a99b (patch) | |
tree | b97b8a5fbcf1324df082f107a55d989d3c881223 /configure | |
parent | aa32d2579b0aa4c8c8a31a1d6060445b254b2be2 (diff) |
nmbug-status: Escape &, <, and > in HTML display data
'message-id' and 'from' now have sensitive characters escaped using
xml.sax.saxutils.escape [1]. The 'subject' data was already being
converted to a link into Gmane; I've escape()d that too, so it doesn't
need to be handled ain the same block as 'message-id' and 'from'.
This prevents broken HTML by if subjects etc. contain characters that
would otherwise be interpreted as HTML markup.
[1]: http://docs.python.org/3/library/xml.sax.utils.html#xml.sax.saxutils.escape
Diffstat (limited to 'configure')
0 files changed, 0 insertions, 0 deletions